From: Sean Christopherson <seanjc@google.com>
To: John Allen <john.allen@amd.com>
Cc: kvm@vger.kernel.org, weijiang.yang@intel.com,
rick.p.edgecombe@intel.com, thomas.lendacky@amd.com,
bp@alien8.de, pbonzini@redhat.com, mlevitsk@redhat.com,
linux-kernel@vger.kernel.org, x86@kernel.org
Subject: Re: [PATCH v2 9/9] KVM: SVM: Add CET features to supported_xss
Date: Wed, 1 May 2024 16:47:53 -0700
Message-ID: <ZjLUqaDbRglCCnD7@google.com>
In-Reply-To: <20240226213244.18441-10-john.allen@amd.com>

On Mon, Feb 26, 2024, John Allen wrote:
> If the CPU supports CET, add CET XSAVES feature bits to the
> supported_xss mask.
>
> Signed-off-by: John Allen <john.allen@amd.com>
> ---
> arch/x86/kvm/svm/svm.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index 1181f017c173..d97d82ebec4a 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -5177,6 +5177,10 @@ static __init void svm_set_cpu_caps(void)
> boot_cpu_has(X86_FEATURE_AMD_SSBD))
> kvm_cpu_cap_set(X86_FEATURE_VIRT_SSBD);
>
> + if (kvm_cpu_cap_has(X86_FEATURE_SHSTK))
> + kvm_caps.supported_xss |= XFEATURE_MASK_CET_USER |
> + XFEATURE_MASK_CET_KERNEL;
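
Review bot: The new check in svm_set_cpu_caps() gates on X86_FEATURE_SHSTK alone, yet it ORs both XFEATURE_MASK_CET_USER and XFEATURE_MASK_CET_KERNEL into kvm_caps.supported_xss, and nothing in the hunk confirms that XSAVES is usable or that the host has these bits enabled in its own XSS. Consider intersecting the mask with what the host supports before advertising it, or add a comment saying where that is guaranteed. The changelog also says "If the CPU supports CET" while the condition tests only KVM's SHSTK capability; the two should agree.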

Based on Weijiang's series, I believe this is unnecessary. Common x86 code will
both set supported_xss, and clear bits if their associated features are unsupported.

I also asked Weijiang to modify the "advertise to userspace" patch to explicitly
clear SHSTK and IBT in svm_set_cpu_caps()[*], so if the stars align as I think they
will, this patch should simply need to delete the

	kvm_cpu_cap_clear(X86_FEATURE_SHSTK);

that will be added by the VMX series.

[*] https://lore.kernel.org/all/ZjLRnisdUgeYgg8i@google.com